We all know keeping secrets, such as passwords, credentials, keys, and access tokens, in our code, is a bad security idea. But, thanks to code-driven automation with secrets and continuous integration/continuous delivery (CI/CD) we do it anyway. And, sometimes, it comes back to bite us: Hard.